The internet grows more cunning and astounding with every passing day. Today, with the click of a mouse button, we get detailed human knowledge and a number of tools to share information and connect with others. On the other hand, we are well aware that in this new era of espionage, cybercrime, data theft, and security breaches are running amok.
Web security experts have noted time and again that while new Internet developments and advancements make people’s lives a lot easier and more enjoyable, they also give cyber attackers new ways of achieving their goals. For this reason, Internet encryption is considered more valuable and vital than ever, and big and small companies alike are investing in different encryption solutions.
Among them, Cloudflare safeguards more than 10% of global web traffic with the help of an unusual process that generates random patterns to puzzle any potential hackers. It built a wall of coloured lava lamps in its headquarters in San Francisco. Through this interesting, if somewhat contemplative, procedure, it further secures large portions of the internet.
In this paper, we acquaint you with the unusual encryption method devised by Cloudflare. First, we give a general description of how lava lamps work and introduce the importance of randomness, and then explain how the fluid flow inside the lamps makes much safer encryption possible.
History of Lava Lamps
The first lava lamp was invented about 60 years ago by a British accountant, Edward Craven Walker. Craven Walker developed an initial idea from an egg timer in a cocktail shaker-shaped device he saw in a cafe.
Craven Walker filled the “air” of the timer with a mixture of wax and carbon tetrachloride, after which he baptized the lamp as the “Astro Lamp”. When the base of the lamp was heated upon connecting it to an electric source, enchanting lava-like bubbles were produced by the liquid that would slowly begin to move and dive within the space of the lamp.
These lamps were a mainstay of middle-class, and even some lower-class, apartments and dorm rooms during the 60s and 70s. By the 80s, lava lamps had somewhat faded into obscurity, giving way to abstract and figurative paintings. Craven Walker sold his company to a British entrepreneur, Christine Grenier, and since then the production of these lamps has been under the supervision of the Mathmos company. In the following years, the U.S. licensed Craven Walker’s analog invention and shifted mass production to China.
A Wall of Lava Lamps in the Lobby of a Tech Company
Nowadays, Cloudflare has lined up a large number of lava lamps in various colors on one wall of its lobby. It has also installed a video camera on the ceiling of the hall. The camera captures footage of the lamps at all hours, every day of the week, and the constantly changing arrangement of pixels is used to create extremely secure encryption keys.
“Everything the camera catches is part of the randomness or ‘Randomness’ process,” said Nick Sullivan, head of encryption at Cloudflare. “Visitors that just walk around the hall, light entering via the windows, or even small variations in temperature will make the movement of the coloured bubbling lava inside the lamps change.”
Theoretically, malicious persons could infiltrate the hall with their own cameras and record the same scenes. However, Cloudflare is ready for such an eventuality and takes precautions against it. It records the movement of a pendulum in its London office and the audio of a Geiger counter in Singapore, and feeds both into the SSL/TLS encryption process, making it almost impossible for hackers to find their way into the system.
But why would basing encryption on data gathered from the random movement of the lava bubbles and the pendulum increase the level of security so greatly? Understanding that requires a short introduction to what “sources of randomness generation” actually are and why they matter.
The Importance of Random Numbers in Encryption
Cryptographic encryption is based on the generation of random and unpredictable numbers, which must also be kept secret from malicious attackers.
But the term “random” is somewhat ambiguous. The word is used differently in each domain and may therefore carry related but distinct meanings. It is therefore very important to pin down the precise meaning that randomness and random bear in the context of encryption.
Number randomness is important in cryptography because it ensures that each key generated for encryption is unique and unpredictable. Predictable keys or patterns are most likely to come under attack, as hackers may exploit such information to decrypt encrypted data.
Cloudflare’s way of generating such randomness is novel, making use of the ever-changing and hence unpredictable movements of lava lamps and other such physical phenomena. Incorporating these random elements into the SSL/TLS encryption process significantly reduces the chances of attackers guessing or predicting the encryption keys, hence enhancing the overall security of the encryption.
All in all, lava lamps, along with other random generators employed at Cloudflare, help to make the encryption environment unpredictable and robust; it is actually very difficult for hackers to create any security breach in their systems.
In general, in practically all industries and sciences, a process is said to be random if it possesses appropriate statistical properties. For example, the digits of “pi” are considered to be random because all numerical sequences appear in them with equal frequency: the sequence “15” appears as often as “38”, and “426” has a similar frequency to “297”. These properties, however, do not suffice for cryptographic purposes. Here, random numbers must be completely unpredictable.
In practice, though the digits of “pi” are statistically random owing to their uniform distribution, they are nevertheless unsuitable for cryptographic purposes because they are completely deterministic: any given digit of “pi” can be computed from its position in the sequence and is in this sense completely predictable.
By contrast, truly random numbers derive from the intrinsically indeterminate processes of nature, such as radioactive decay, thermal noise, or chaotic motion in lava lamps and pendulums. These sources of randomness provide a level of unpredictability that is indispensable for cryptographic security.
Random unpredictable numbers ensure the resistance of encryption keys and cryptographic algorithms against attacks, such as brute-force attacks or pattern analysis. By incorporating random movements of lava lamps into the encryption process, Cloudflare leverages this randomness to enhance the security of their systems.
In other words, statistical randomness is a significant attribute in many applications, whereas in cryptography, randomness has to be truly unpredictable. That brings us to the ingenious way in which Cloudflare uses random physical phenomena, such as lava lamps, to achieve high unpredictability and make its encryption methods even more robust against possible attacks.
The concept of unpredictability rests on the understanding that any form of encryption is inherently based on asymmetry of information. Whenever you want to carry out any part of the encryption process securely, you need to keep in mind that someone may try to compromise your security. All that separates you from your adversary is a secret: something that you know but they don’t. The task of encryption is to ensure that this asymmetry of information is adequate to maintain your security.
Let me clarify this with a simpler example:
Suppose you and your friend decide to go to the movies, but don’t want a third party, a hacker, to know which movie you are going to watch, perhaps because he might interfere with your plans in some way.
Now, it is your turn to decide on the movie this week. To do so, you must send your friend a message indicating the movie you have in mind. The catch is that if a hacker manages to get hold of your message and read it, he must not be able to understand what it conveys. You put together a scheme as follows:
Since there are only two movies to watch at present, you identify one as A and the other as B. In front of your friend you flip a coin, and you both record the outcome, heads or tails. Then you construct a table which indicates, based on which movie you have selected and on whether the coin landed heads or tails, which message you will send.
Flipping a coin brings indeterminism in the process. Even if this message is intercepted by a hacker, he could predict, but not with any degree of certainty, which movie you were going to watch since this is based upon the completely random outcome of a coin flip. This is a very simple example of indeterminism in encryption whereby true randomness makes encrypted information secure and unpredictable by adversaries.
So, you decide on movie B, and the coin falls heads. You say to your friend: “Storms seldom happen in Hartford, Hereford, and Hampshire.” Your friend was there when you flipped the coin – and so he knows how that turned out. Based on the table, he knows to prepare for movie B.
The point is, the hacker does not know what your coin flip resulted in. They can only say there’s a 50% chance the coin landed on heads, and a 50% chance it landed on tails. So, the phrase “Storms seldom happen in Hartford, Hereford, and Hampshire” does not aid them in any way. As a result, the hacker’s knowledge stays where it started: there is a 50% chance you have selected movie A and a 50% chance you have chosen movie B.
This simple example describes how randomness can make a process unpredictable in that an adversary cannot tell, predict, or understand how it ends up. In encryption, this is what will ensure that the process of obtaining the encryption algorithms and keys is nondeterministic and hence secure and robust against attacks.
Cloudflare’s randomness-generation approach, using physical phenomena like lava lamps, relies precisely on the fact that the underlying process is unpredictable. By infusing these random elements into its encryption methods, Cloudflare makes the generation of its encryption keys highly unpredictable; hence, it is very difficult for hackers to compromise its systems.
In other words, unpredictability is central to encryption because it ensures that, for any possible adversary, the encryption process is intractable and its outcome indeterminate, hence securing the encrypted information.
Let’s return to this idea of “unpredictability.” What if the outcome of the coin toss could be predicted? That is, suppose a hacker had switched the coin in your pocket with a rigged one and was confident that the outcome of the first three coin tosses would be heads, tails, tails, respectively. In this case, they would know with complete certainty what the first toss was. Whatever message you sent, they’d guess the movie correctly with probability 100%.
This shows why real indeterminism matters in encryption: if an attacker can predict or determine the outcomes or keys used in encryption, then it is not secure. In Cloudflare’s lava lamp setup, the true indeterminacy of the physical phenomena guarantees that the output really is random and less predictable by would-be attackers.
In cryptography, actual indeterminism ensures that the key used for encryption is completely random, unpredictable, and algorithmically indistinguishable to prevent adversaries from guessing or deducing it. As a matter of fact, that makes encryption secure and resistant to attack.
Cloudflare generates randomness from various physical phenomena, including lava lamps. This, in turn, ensures that the encryption keys finally generated are truly indeterminate. Furthermore, using such random elements in its encryption schemes enhances security and makes compromising Cloudflare’s encryption techniques a very difficult task for any hacker.
Ultimately, true randomness is a key ingredient for secure encryption: It ensures that the processes of encryption and their results will remain unknown and unpredictable to would-be adversaries, thus protecting both the integrity and confidentiality of the information encrypted.
Coin tossing, one of the simplest ways to show randomness, nevertheless sees wide application in statistical science. However, the chances of getting heads or tails are partly predictable, and that is the very reason it cannot be put to good use in encryption. Therefore, when we say “random” in relation to encryption, what we really mean is complete unpredictability.
The Role of Colorful Lava Lamp Bubbles
So far, we have established that randomness is a vital factor in secure encryption. Every time you open a website, you get an identifier. This identifier has to be fully unpredictable, because if hackers could somehow guess it, they could act as you.
Every new key the computer uses for encryption has to be truly random, so that no attacker can find the key and decrypt the data.
Computers, however, are designed to generate logical and predictable results from given inputs, so they typically will not produce the random and chaotic data required for good encryption keys.
This kind of strong encryption needs the computer to generate truly unpredictable, random data. Surprisingly enough, the “real world” seems like one big random source, since events in the physical world are not predictable.
In lava lamps, by contrast, everything happens randomly. The molten wax and the bubbles inside the lava lamps never assume a fixed shape, which is why they serve as an excellent source of random data.
Why Can’t Regular Computers Generate Random Numbers?
Computers work logically. All computer programs are written with “if-then” statements: for instance, if such-and-such is the case, then such-and-such will happen. Thus, any given input to programs will always have the same output.
Regular computers, not having access to a source of randomness, rely on algorithms that simulate randomness. Such algorithms are deterministic: given the same initial conditions, they will always yield the same results. While they may seem random, these algorithms are predictable and unsuitable for secure encryption.
Conclusion: True randomness is required for proper encryption. While simple methods of randomness, such as coin tossing, truly explain the process of randomness, they are impractical for encryption due to their predictable outcome. Newer, avant-garde methods that employ the unpredictable and jumpy motion of bubbles within a lava lamp make for a much stronger and truly random source for encrypting keys, thus ensuring the encrypted data is safe and sound.
As a matter of fact, that is exactly what we do get from our computers. For any given input, there should be an expected output, not just any output. Just picture your printers printing random text when, in fact, you send it a PDF for printing, or your smartphones dialing some other number different from what you have dialed. Briefly, computers are useful because they are predictable and reliable.
Predictability is not a desired trait in generating secure encryption keys. Some computer programs are good at emulating randomness but aren’t strong enough or good enough at generating encryption keys.
How does the computer take real-world random inputs and generate random data?
For this, software programs called Pseudo-Random Number Generators (PRNGs) are designed. PRNGs take in an unpredictable input and produce unpredictable outputs from it. A good PRNG is theoretically capable of generating any amount of random output from a random input.
The numbers such algorithms generate are called pseudo-random rather than truly random for two main reasons:
- If the algorithm is given the same input twice, it will produce precisely the same output both times.
- If a PRNG runs for an indefinite amount of time, it becomes difficult to prove whether the output it will produce during this time is random.
Hence, the algorithm always needs new random inputs. A random input used for this purpose is called a “cryptographic seed.”
CSPRNG
A CSPRNG, or Cryptographically Secure Pseudo-Random Number Generator, is essentially a PRNG that meets stricter requirements and offers more secure encryption. The CSPRNG goes beyond a PRNG in two critical respects:
- Such a program should pass certain statistical randomness tests with the aim of proving that it is unpredictable.
- Even in cases when a hacker has partial access to the program, he should not be able to predict the outputs of the CSPRNG.
Much like a PRNG, a CSPRNG does require random input data with which to begin the process of creating truly random data.
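The seed dependence described above can be checked directly. The following is an added example, not code from Cloudflare or the original page: it uses Python's random module as the PRNG and the secrets module as the operating system's CSPRNG, and the start-up scenario and timestamps are constructed for illustration.

```python
import math
import random
import secrets

KEY_BITS = 128


def prng_key(seed: int) -> bytes:
    """Key from Python's Mersenne Twister PRNG: fully determined by the seed."""
    value = random.Random(seed).getrandbits(KEY_BITS)
    return value.to_bytes(KEY_BITS // 8, "big")


def seeds_reproducing(key: bytes, candidate_seeds) -> list:
    """Return every candidate seed that regenerates `key` exactly."""
    return [s for s in candidate_seeds if prng_key(s) == key]


def effective_bits(candidate_count: int) -> float:
    """Upper bound on key strength when the seed is one of N known candidates."""
    return math.log2(candidate_count)


def csprng_key() -> bytes:
    """Key from the OS CSPRNG, which the kernel seeds from its entropy pool."""
    return secrets.token_bytes(KEY_BITS // 8)


# Constructed scenario (an assumption of this example): a service seeds its
# PRNG with the Unix time at start-up, and the start time is known only to
# lie within a 10-minute window.
WINDOW = range(1_700_000_000, 1_700_000_600)  # constructed timestamps
START_TIME = 1_700_000_123                    # constructed seed value

if __name__ == "__main__":
    key = prng_key(START_TIME)
    print("same seed, same key:", prng_key(START_TIME) == key)
    print("seeds in window that rebuild the key:", seeds_reproducing(key, WINDOW))
    print(f"strength: {effective_bits(len(WINDOW)):.1f} bits, not {KEY_BITS}")
    print("two CSPRNG keys differ:", csprng_key() != csprng_key())
```

The key is 128 bits long, but because its seed is one of only 600 candidates it carries roughly 9 bits of strength, which is why the seed itself has to come from a high-entropy source.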
The lava lamps are, in fact, a constant source of new cryptographic seeds. Since each image captured by the camera pointed at those lamps is different and no two images are alike, Cloudflare has different random sequences of numerical values to act as input to this process.
Are lava lamps the only source available for cryptographic seeds?
It would appear not. Most operating systems provide their own source of random data. For example, they use user events such as moving the mouse or typing on the keyboard and so on. Needless to say, gathering data from those types of sources is of course much slower.
Cloudflare mixes the random data obtained from the lava lamps with data generated by the Linux operating system running on two different machines, to maximize entropy in preparing the initial input used for SSL/TLS encryption.
What is entropy?
In simple terms, entropy implies disorder, chaos, and confusion. In cryptography, however, the term takes on a different meaning: it means the level of unpredictability. When measuring the entropy of a particular data set, cryptographers do so by the number of bits of entropy contained within that data set. Because of this, the installation has at one time been referred to as the entropy wall of lava lamps.
Since the flow of the lava in lava lamps is highly unpredictable, the entropy in lamps of that kind is extremely high. Assume that the recording camera has a resolution of 100×100 pixels, while in fact a far stronger camera is used, and assume that a hacker tries to guess the value of each pixel to within one bit. He would know, for example, that a given pixel has a shade of red with code 123 or 124, but not which one exactly.
That kind of unpredictability or high entropy makes data, as collected from lava lamps, one of the best sources for cryptographic seeds; it ensures randomness in cryptographic keys and processes.
In that case, the total entropy generated by the image would be equivalent to 100 x 100 x 3, which equals 30,000 bits. The reason it’s multiplied by three is that each pixel consists of three color channels: red, green, and blue.
That is a higher order of entropy than cryptographic applications actually need.
The flow of entropy can be divided into the following stages:
- The lava lamp wall in the office lobby: This is the primary source of true entropy.
- In the lobby: There is a camera directed at the lava lamp wall. Here, the entropy is obtained both from the visual input by the lava lamps and from random noise in the individual light sensors.
- In the company’s office: There is a server connected with the camera. The server has an entropy system of its own, which merges with the entropy feed originating from the camera.
- At the company’s data center: There is a service that consumes the office server’s entropy feed. This service mixes that feed with its own local entropy system to create another entropy feed. Any number of such services can use this feed.
Security of LavaRand Service
Let us consider some possible attacks that might be leveled against this system:
- A hacker can place a hidden camera at the lava lamp wall and recreate images the company’s camera captures.
- A hacker can reduce the entropy of the lava lamp wall by: turning off the lamps, beaming bright light on the camera, or placing a lens cover over the camera, and many other types of physical attacks.
- A hacker who could compromise the camera might interfere with or substitute the frame feed and then control or duplicate the entropy source employed by the office server.
- A hacker might run code on the main office server and observe or modify the entropy feed generated from that server.
- A hacker might run code on a production service and observe or modify the entropy feed generated by that service.
Of these, only one is catastrophic: the one that would permit an attacker to execute code on the production service delivering the final entropy feed. In every other scenario, the malicious entropy feed controlled by the hacker would be combined with a benign feed that is out of the attacker’s reach and beyond their ability to modify.
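The staged mixing and the attack analysis above can be seen in a small model. This is an added example, not Cloudflare's implementation: combining feeds with SHA-256 is this example's assumption (the page does not say how the feeds are mixed), and the function names, the covered-lens frame and the fixed local-entropy values are constructed.

```python
import hashlib
import os

FRAME_BYTES = 100 * 100 * 3  # the page's 100x100-pixel, three-channel frame


def mix(label: bytes, *feeds: bytes) -> bytes:
    """Hash several entropy feeds into one 32-byte output.

    Each feed is length-prefixed so that (b"ab", b"c") and (b"a", b"bc")
    can never produce the same hash input.
    """
    h = hashlib.sha256(label)
    for feed in feeds:
        h.update(len(feed).to_bytes(8, "big"))
        h.update(feed)
    return h.digest()


def office_feed(frame: bytes, office_local: bytes) -> bytes:
    """Office server: camera frame mixed with the server's own entropy."""
    return mix(b"office", frame, office_local)


def production_seed(office: bytes, production_local: bytes) -> bytes:
    """Data-center service: office feed mixed with its local entropy."""
    return mix(b"production", office, production_local)


def pipeline(frame: bytes, office_local=None, production_local=None) -> bytes:
    """Run every stage; local entropy defaults to the OS generator."""
    if office_local is None:
        office_local = os.urandom(32)
    if production_local is None:
        production_local = os.urandom(32)
    return production_seed(office_feed(frame, office_local), production_local)


# Constructed inputs: a frame the attacker fully controls (a lens cover gives
# all-zero pixels) and fixed stand-ins for each machine's local entropy.
COVERED_FRAME = bytes(FRAME_BYTES)
LOCAL_A, LOCAL_B = b"\x01" * 32, b"\x02" * 32

if __name__ == "__main__":
    base = pipeline(COVERED_FRAME, LOCAL_A, LOCAL_A)
    # The frame is known, yet the seed still changes with either local feed.
    print(base != pipeline(COVERED_FRAME, LOCAL_B, LOCAL_A))
    print(base != pipeline(COVERED_FRAME, LOCAL_A, LOCAL_B))
    # Only someone who sees every input (code on the production service)
    # can recompute the seed.
    print(base == pipeline(COVERED_FRAME, LOCAL_A, LOCAL_A))
    # With real local entropy, a repeat has negligible probability.
    print(pipeline(COVERED_FRAME) != pipeline(COVERED_FRAME))
```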
What if there’s a person standing in front of the lava lamps?
This tends to occur quite often. People either walk across the lobby or stand in front of the lamps talking to each other. Such obstructions in the camera’s line of sight become part of the randomness of the images. In other words, people inadvertently raise the entropy by obstructing the camera’s view of the lava lamps.
What if the camera is off or broken?
In this case, Cloudflare still has two other sources of randomness, which come from the Linux operating system running on the company’s servers. Besides, the camera installed in the lobby is physically very easy for technicians to access for repair or replacement.
Is every office at Cloudflare using lava lamps for encryption?
The other two Cloudflare offices, in London and Singapore, each employ their own method of generating randomness from real-world inputs. A double pendulum, in which one pendulum is attached to the other and whose movements are mathematically unpredictable, was fitted in the London office. These movements are captured by a camera and converted into input that feeds encryption.
The Singapore office has a device that uses a radioactive uranium pellet, which is quite small and harmless, whose decay generates random data to enhance encryption security.
Interestingly, Cloudflare is not the first company to use lava lamps for encryption. In 1996, a company called Silicon Graphics implemented such a system, called “Lavarand.” Its patent had already expired by the time Cloudflare started working in the area.
Two years ago, the Museum of Design in Zurich hosted an exhibition titled “Digital Planet,” where it showcased one hundred Mathmos lava lamps on a single wall. This exhibition was curated in collaboration with the University of Zurich, allowing guests to explore digital sciences up close with all human senses.
So, the use of improbable sources such as lava lamps and radioactive decay for generating random data can be more than a practical solution for tech companies: it is also an interesting junction of science, art, and education.